From b9ccb25f33e4521df3c7e874a17d876141f6429e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 31 May 2021 23:09:13 +0200 Subject: [PATCH 01/26] Starter-class documentation of alternative implementations Signed-off-by: Gilles Peskine --- .../alternative-implementations.md | 66 +++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 docs/architecture/alternative-implementations.md diff --git a/docs/architecture/alternative-implementations.md b/docs/architecture/alternative-implementations.md new file mode 100644 index 0000000000..7b8b65ef34 --- /dev/null +++ b/docs/architecture/alternative-implementations.md @@ -0,0 +1,66 @@ +Alternative implementations of Mbed TLS functionality +===================================================== + +This document describes how parts of the Mbed TLS functionality can be replaced at compile time to integrate the library on a platform. + +This document is an overview. It is not exhaustive. Please consult the documentation of individual modules and read the library header files for more details. + +## Platform integration + +Mbed TLS works out of the box on Unix/Linux/POSIX-like systems and on Windows. On embedded platforms, you may need to customize some aspects of how Mbed TLS interacts with the underlying platform. This section discusses the main areas that can be configured. + +The platform module (`include/mbedtls/platform.h`) controls how Mbed TLS accesses standard library features such as memory management (`calloc`, `free`), `printf`, `exit`. You can define custom functions instead of the ones from the C standard library through `MBEDTLS_PLATFORM_XXX` options in the configuration file. Many options have two mechanisms: either define `MBEDTLS_PLATFORM_XXX_MACRO` to the name of a function to call instead of the standard function `xxx`, or define `MBEDTLS_PLATFORM_XXX_ALT` and [register an alternative implementation during the platform setup](#alternative-implementations-of-platform-functions). + +The storage of the non-volatile seed for random generation, enabled with `MBEDTLS_ENTROPY_NV_SEED`, is also controlled via the platform module. + +For timing functions, you can [declare an alternative implementation of the timing module](#module-alternative-implementations). + +On multithreaded platforms, [declare an alternative implementation of the threading module](#module-alternative-implementations). + +To configure entropy sources (hardware random generators), see the `MBEDTLS_ENTROPY_XXX` options in the configuration file. + +For networking, the `net_sockets` module does not currently support alternative implementations. If this module does not work on your platform, disable `MBEDTLS_NET_C` and use custom functions for TLS. + +If your platform has a cryptographic accelerator, you can use it via a [PSA driver](#psa-cryptography-drivers) or an [declare an alternative implementation of the corresponding module(s)](#module-alternative-implementations) or [specific functions](#function-alternative-implementations). + +## PSA cryptography drivers + +On platforms where a hardware cryptographic engine is present, you can implement a driver for this engine in the PSA interface. Drivers are supported for cryptographic operations with transparent keys (keys available in cleartext), for cryptographic operations with opaque keys (keys that are only available inside the cryptographic engine), and for random generation. Calls to `psa_xxx` functions that perform cryptographic operations are directed to drivers instead of the built-in code as applicable. See the [PSA cryptography driver interface specification](docs/proposed/psa-driver-interface.md), the [Mbed TLS PSA driver developer guide](docs/proposed/psa-driver-developer-guide.md) and the [Mbed TLS PSA driver integration guide](docs/proposed/psa-driver-integration-guide.md) for more information. + +As of Mbed TLS 3.0, this interface is still experimental and subject to change, and not all operations support drivers yet. The configuration option `MBEDTLS_USE_PSA_CRYPTO` causes parts of the `mbedtls_xxx` API to use PSA crypto and therefore to support drivers, however it is not yet compatible with all drivers. + +## Module alternative implementations + +You can replace the code of some modules of Mbed TLS at compile time by a custom implementation. This is possible for low-level cryptography modules (symmetric algorithms, DHM, RSA, ECP, ECJPAKE) and for some platform-related modules (threading, timing). Such custom implementations are called “alternative implementations”, or “ALT implementations” for short. + +The general principle of an alternative implementation is: +* Enable `MBEDTLS_XXX_ALT` in the compile-time configuration where XXX is the module name. For example, `MBEDTLS_AES_ALT` for an implementation of the AES module. This is in addition to enabling `MBEDTLS_XXX_C`. +* Create a header file `xxx_alt.h` that defines the context type(s) used by the module. For example, `mbedtls_aes_context` for AES. +* Implement all the functions from the module, i.e. the functions declared in `include/mbedtls/xxx.h`. + +See https://tls.mbed.org/kb/development/hw_acc_guidelines for a more detailed guide. + +## Function alternative implementations + +In some cases, it is possible to replace a single function or a small set of functions instead of [providing an alternative implementation of the whole module](#module-alternative-implementations). + +### Alternative implementations of cryptographic functions + +Options to replace individual functions of cryptographic modules generally have a name obtained by upper-casing the function name and appending `_ALT`. If the function name contains `_internal`, `_ext` or `_ret`, this is removed in the `_ALT` symbol. When the corresponding option is enabled, the built-in implementation of the function will not be compiled, and you must provide an alternative implementation at link time. + +For example, enable `MBEDTLS_AES_ENCRYPT_ALT` at compile time and provide your own implementation of `mbedtls_aes_encrypt()` to provide an accelerated implementation of AES encryption that is compatible with the built-in key schedule. If you wish to implement key schedule differently, you can also enable `MBEDTLS_AES_SETKEY_ENC_ALT` and implement `mbedtls_aes_setkey_enc()`. + +Another example: enable `MBEDTLS_SHA256_PROCESS_ALT` and implement `mbedtls_internal_sha256_process()` to provide an accelerated implementation of SHA-256 and SHA-224. + +Note that since alternative implementations of individual functions cooperate with the built-in implementation of other functions, you must use the same layout for context objects as the built-in implementation. If you want to use different context types, you need to [provide an alternative implementation of the whole module](#module-alternative-implementations). + +### Alternative implementations of platform functions + +Several platform functions can be reconfigured dynamically by following the process described here. To reconfigure how Mbed TLS calls the standard library function `xxx()`: + +* Define the symbol `MBEDTLS_PLATFORM_XXX_ALT` at compile time. +* During the initialization of your application, set the global variable `mbedtls_xxx` to an alternative implementation of `xxx()`. + +Merely enabling `MBEDTLS_PLATFORM_XXX_ALT` does not change the behavior: by default, `mbedtls_xxx` points to the standard function `xxx`. + +Note that there are variations on the naming pattern. Consult the documentation of individual configuration options and of the platform module for details. From 6a2fb618960a6bb228d886b5faab81794c21013c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 24 May 2021 22:25:04 +0200 Subject: [PATCH 02/26] Rename library/ecp_alt.h to ecp_internal_alt.h library/ecp_alt.h (declaring individual functions of the ECP module that can be substituted, included when building the library with MBEDTLS_ECP_INTERNAL_ALT enabled) clashes with ecp_alt.h (not provided, declaring types of the ECP module when the whole implementation is substituted, included when building the library with MBEDTLS_ECP_ALT enabled). Depending on the search path during build, this can make MBEDTLS_ECP_ALT unusable. Rename library/ecp_alt.h to follow the naming convention of other alt headers: MBEDTLS_XXX_ALT corresponds to xxx_alt.h. Signed-off-by: Gilles Peskine --- ChangeLog | 2 +- docs/3.0-migration-guide.md | 2 +- library/ecp.c | 2 +- library/{ecp_alt.h => ecp_internal_alt.h} | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) rename library/{ecp_alt.h => ecp_internal_alt.h} (99%) diff --git a/ChangeLog b/ChangeLog index dc6e4515d2..ddaf3fd9f7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,7 +22,7 @@ API changes Various helpers and definitions available for use in alt implementations have been moved out of the include/ directory and into the library/ directory. The files concerned are ecp_internal.h and rsa_internal.h - which have also been renamed to ecp_alt.h and rsa_alt_helpers.h + which have also been renamed to ecp_internal_alt.h and rsa_alt_helpers.h respectively. * Move internal headers. Header files that were only meant for the library's internal use and diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md index 2d031c6a4a..a4a59b8895 100644 --- a/docs/3.0-migration-guide.md +++ b/docs/3.0-migration-guide.md @@ -59,7 +59,7 @@ were documented as internal, despite being in the public include directory. If you're providing alt implementations of ECP or RSA, you'll need to add our `library` directory to your include path when building your alt implementations, and note that `ecp_internal.h` and `rsa_internal.h` have been -renamed to `ecp_alt.h` and `rsa_alt_helpers.h` respectively. +renamed to `ecp_internal_alt.h` and `rsa_alt_helpers.h` respectively. If you're a library user and used to rely on having access to a structure or function that's now in a private header, please reach out on the mailing list diff --git a/library/ecp.c b/library/ecp.c index f450056c06..044bbe1d10 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -99,7 +99,7 @@ #define mbedtls_free free #endif -#include "ecp_alt.h" +#include "ecp_internal_alt.h" #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) #if defined(MBEDTLS_HMAC_DRBG_C) diff --git a/library/ecp_alt.h b/library/ecp_internal_alt.h similarity index 99% rename from library/ecp_alt.h rename to library/ecp_internal_alt.h index 6b1b29f701..9b157eaa3b 100644 --- a/library/ecp_alt.h +++ b/library/ecp_internal_alt.h @@ -1,5 +1,5 @@ /** - * \file ecp_alt.h + * \file ecp_internal_alt.h * * \brief Function declarations for alternative implementation of elliptic curve * point arithmetic. @@ -293,5 +293,5 @@ int mbedtls_internal_ecp_normalize_mxz( const mbedtls_ecp_group *grp, #endif /* MBEDTLS_ECP_INTERNAL_ALT */ -#endif /* ecp_alt.h */ +#endif /* ecp_internal_alt.h */ From 9ef1ea7444c21ca24535bb1367dcbbc533e1a9ec Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 28 May 2021 00:16:18 +0200 Subject: [PATCH 03/26] Move the definition of derived values out of the settings section Alternative implementations must no longer define these macros. Signed-off-by: Gilles Peskine --- include/mbedtls/ecp.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 05c33ff020..8cb4fb4a5c 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -249,9 +249,6 @@ mbedtls_ecp_group; #define MBEDTLS_ECP_MAX_BITS 521 /**< The maximum size of groups, in bits. */ #endif -#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 ) -#define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 ) - #if !defined(MBEDTLS_ECP_WINDOW_SIZE) /* * Maximum "window" size used for point multiplication. @@ -297,6 +294,9 @@ mbedtls_ecp_group; #include "ecp_alt.h" #endif /* MBEDTLS_ECP_ALT */ +#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 ) +#define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 ) + #if defined(MBEDTLS_ECP_RESTARTABLE) /** From d0b16303bb150868138467dba5c232386fc31326 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 28 May 2021 00:17:26 +0200 Subject: [PATCH 04/26] Determine MBEDTLS_ECP_MAX_BITS automatically MBEDTLS_ECP_MAX_BITS doesn't make sense as a configuration option: it must not be smaller than the largest supported curve, and it's useless to set it to a larger value. So unconditionally set it to the size of the largest supported curve. Remove it from the build configuration. Alternative implementations must no longer need define this macro. Signed-off-by: Gilles Peskine --- configs/config-suite-b.h | 3 +-- configs/config-thread.h | 3 +-- include/mbedtls/config.h | 1 - include/mbedtls/ecp.h | 45 +++++++++++++++++++++++++++++++++------- 4 files changed, 40 insertions(+), 12 deletions(-) diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index 28e6443124..b62bdfabd0 100644 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -84,8 +84,7 @@ #define MBEDTLS_AES_ROM_TABLES /* Save RAM by adjusting to our exact needs */ -#define MBEDTLS_ECP_MAX_BITS 384 -#define MBEDTLS_MPI_MAX_SIZE 48 // 384 bits is 48 bytes +#define MBEDTLS_MPI_MAX_SIZE 48 // 384-bit EC curve = 48 bytes /* Save RAM at the expense of speed, see ecp.h */ #define MBEDTLS_ECP_WINDOW_SIZE 2 diff --git a/configs/config-thread.h b/configs/config-thread.h index bce9668fd0..c1937de80a 100644 --- a/configs/config-thread.h +++ b/configs/config-thread.h @@ -85,8 +85,7 @@ #define MBEDTLS_AES_ROM_TABLES /* Save RAM by adjusting to our exact needs */ -#define MBEDTLS_ECP_MAX_BITS 256 -#define MBEDTLS_MPI_MAX_SIZE 32 // 256 bits is 32 bytes +#define MBEDTLS_MPI_MAX_SIZE 32 // 256-bit EC curve = 32 bytes /* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */ #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 3139b223d9..57783f8be3 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3155,7 +3155,6 @@ //#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ /* ECP options */ -//#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ //#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 8cb4fb4a5c..dceca3ef92 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -242,13 +242,6 @@ mbedtls_ecp_group; * \{ */ -#if !defined(MBEDTLS_ECP_MAX_BITS) -/** - * The maximum size of the groups, that is, of \c N and \c P. - */ -#define MBEDTLS_ECP_MAX_BITS 521 /**< The maximum size of groups, in bits. */ -#endif - #if !defined(MBEDTLS_ECP_WINDOW_SIZE) /* * Maximum "window" size used for point multiplication. @@ -294,6 +287,44 @@ mbedtls_ecp_group; #include "ecp_alt.h" #endif /* MBEDTLS_ECP_ALT */ +/** + * The maximum size of the groups, that is, of \c N and \c P. + */ +#if !defined(MBEDTLS_ECP_C) +/* Dummy definition to help code that has optional ECP support and + * defines an MBEDTLS_ECP_MAX_BYTES-sized array unconditionally. */ +#define MBEDTLS_ECP_MAX_BITS 1 +/* Note: the curves must be listed in DECREASING size! */ +#elif defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) +#define MBEDTLS_ECP_MAX_BITS 521 +#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) +#define MBEDTLS_ECP_MAX_BITS 512 +#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) +#define MBEDTLS_ECP_MAX_BITS 448 +#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) +#define MBEDTLS_ECP_MAX_BITS 384 +#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) +#define MBEDTLS_ECP_MAX_BITS 384 +#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) +#define MBEDTLS_ECP_MAX_BITS 256 +#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) +#define MBEDTLS_ECP_MAX_BITS 256 +#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) +#define MBEDTLS_ECP_MAX_BITS 256 +#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) +#define MBEDTLS_ECP_MAX_BITS 255 +#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) +#define MBEDTLS_ECP_MAX_BITS 225 // n is slightly above 2^224 +#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) +#define MBEDTLS_ECP_MAX_BITS 224 +#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) +#define MBEDTLS_ECP_MAX_BITS 192 +#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) +#define MBEDTLS_ECP_MAX_BITS 192 +#else +#error "Missing definition of MBEDTLS_ECP_MAX_BITS" +#endif + #define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 ) #define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 ) From 6e1387abed085805d21d414b665e29e3943d53ad Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 7 Jun 2021 20:24:51 +0200 Subject: [PATCH 05/26] Update MBEDTLS_ECP_MAX_BITS when adding a curve Signed-off-by: Gilles Peskine --- include/mbedtls/ecp.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index dceca3ef92..c098a0a5d5 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -93,6 +93,7 @@ extern "C" { * - Add it at the end of this enum, otherwise you'll break the ABI by * changing the numerical value for existing curves. * - Increment MBEDTLS_ECP_DP_MAX below if needed. + * - Update the calculation of MBEDTLS_ECP_MAX_BITS below. * - Add the corresponding MBEDTLS_ECP_DP_xxx_ENABLED macro definition to * config.h. * - List the curve as a dependency of MBEDTLS_ECP_C and From 601d34396ca4ae0787882dbed0af733029299ae9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 7 Jun 2021 20:27:01 +0200 Subject: [PATCH 06/26] Update TLS presets when adding a curve Signed-off-by: Gilles Peskine --- include/mbedtls/ecp.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index c098a0a5d5..61d29a99a2 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -102,7 +102,8 @@ extern "C" { * MBEDTLS_ECP_yyy_ENABLED above. * - Add the necessary definitions to ecp_curves.c. * - Add the curve to the ecp_supported_curves array in ecp.c. - * - Add the curve to applicable profiles in x509_crt.c if applicable. + * - Add the curve to applicable profiles in x509_crt.c. + * - Add the curve to applicable presets in ssl_tls.c. */ typedef enum { From 814d0129ec60343e107e0477d3211f69cbe360d7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 31 May 2021 21:44:25 +0200 Subject: [PATCH 07/26] Test calculated MBEDTLS_ECP_MAX_xxx constants in unit tests Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ecp.function | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index a697e72ecc..f2b6376141 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -65,6 +65,8 @@ void mbedtls_ecp_curve_info( int id, int tls_id, int size, char * name ) TEST_ASSERT( by_id == by_name ); TEST_ASSERT( by_id->bit_size == size ); + TEST_ASSERT( size <= MBEDTLS_ECP_MAX_BITS ); + TEST_ASSERT( size <= MBEDTLS_ECP_MAX_BYTES * 8 ); } /* END_CASE */ @@ -473,6 +475,7 @@ void ecp_muladd( int id, TEST_EQUAL( 0, mbedtls_ecp_point_write_binary( &grp, &R, MBEDTLS_ECP_PF_UNCOMPRESSED, &len, actual_result, sizeof( actual_result ) ) ); + TEST_ASSERT( len <= MBEDTLS_ECP_MAX_PT_LEN ); ASSERT_COMPARE( expected_result->x, expected_result->len, actual_result, len ); @@ -544,6 +547,7 @@ void ecp_write_binary( int id, char * x, char * y, char * z, int format, if( ret == 0 ) { + TEST_ASSERT( olen <= MBEDTLS_ECP_MAX_PT_LEN ); TEST_ASSERT( mbedtls_test_hexcmp( buf, out->x, olen, out->len ) == 0 ); } From a1b44dd80844aa7ded01ab0b78eecb05cf84a582 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 31 May 2021 21:52:28 +0200 Subject: [PATCH 08/26] Changelog entry for MBEDTLS_ECP_MAX_BITS automatic determination Signed-off-by: Gilles Peskine --- ChangeLog.d/ecp_max_bits.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/ecp_max_bits.txt diff --git a/ChangeLog.d/ecp_max_bits.txt b/ChangeLog.d/ecp_max_bits.txt new file mode 100644 index 0000000000..b952469196 --- /dev/null +++ b/ChangeLog.d/ecp_max_bits.txt @@ -0,0 +1,3 @@ +Removals + * MBEDTLS_ECP_MAX_BITS is no longer a configuration option because it is + now determined automatically based on supported curves. From c5048db24ce555a55dd3d500ed622554e39687c5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 24 May 2021 22:51:48 +0200 Subject: [PATCH 09/26] Create xxx_alt.h headers for testing These headers define the context types that alternative implementations must provide. The context types are dummy types, suitable for building but not meant to be usable by an implementation. This is the output of the following script: ``` perl -0777 -ne ' m@^#if !defined\((MBEDTLS_\w+_ALT)\).*\n((?:.*\n)*?)#else.*\n#include "(.*_alt\.h)"\n#endif@m or next; $symbol = $1; $content = $2; $header = $3; $header_symbol = $header; $header_symbol =~ y/a-z./A-Z_/; m@/\*[ *\n]*Copyright .*?\*/@s or die; $copyright = $&; open OUT, ">tests/include/alt-dummy/$header" or die; $content =~ s@//.*@@mg; $content =~ s@/\*.*?\*/@@sg; $content =~ s@\{.*?\}@{\n int dummy;\n}@sg; $content =~ s@ +$@@mg; $content =~ s@\n{3,}@\n\n@g; $content =~ s@\A\n+@@; $content =~ s@\n*\Z@\n@; print OUT "/* $header with dummy types for $symbol */\n$copyright\n\n#ifndef $header_symbol\n#define $header_symbol\n\n$content\n\n#endif /* $header */\n" or die; close OUT or die; ' include/mbedtls/*.h ``` Signed-off-by: Gilles Peskine --- tests/include/alt-dummy/aes_alt.h | 37 ++++++++++++++++++++++ tests/include/alt-dummy/arc4_alt.h | 30 ++++++++++++++++++ tests/include/alt-dummy/aria_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/blowfish_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/camellia_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/ccm_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/chacha20_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/chachapoly_alt.h | 31 +++++++++++++++++++ tests/include/alt-dummy/cmac_alt.h | 28 +++++++++++++++++ tests/include/alt-dummy/des_alt.h | 36 ++++++++++++++++++++++ tests/include/alt-dummy/dhm_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/ecjpake_alt.h | 28 +++++++++++++++++ tests/include/alt-dummy/ecp_alt.h | 39 ++++++++++++++++++++++++ tests/include/alt-dummy/gcm_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/md2_alt.h | 30 ++++++++++++++++++ tests/include/alt-dummy/md4_alt.h | 30 ++++++++++++++++++ tests/include/alt-dummy/md5_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/nist_kw_alt.h | 27 ++++++++++++++++ tests/include/alt-dummy/platform_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/poly1305_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/ripemd160_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/rsa_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/sha1_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/sha256_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/sha512_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/timing_alt.h | 33 ++++++++++++++++++++ tests/include/alt-dummy/xtea_alt.h | 29 ++++++++++++++++++ 27 files changed, 813 insertions(+) create mode 100644 tests/include/alt-dummy/aes_alt.h create mode 100644 tests/include/alt-dummy/arc4_alt.h create mode 100644 tests/include/alt-dummy/aria_alt.h create mode 100644 tests/include/alt-dummy/blowfish_alt.h create mode 100644 tests/include/alt-dummy/camellia_alt.h create mode 100644 tests/include/alt-dummy/ccm_alt.h create mode 100644 tests/include/alt-dummy/chacha20_alt.h create mode 100644 tests/include/alt-dummy/chachapoly_alt.h create mode 100644 tests/include/alt-dummy/cmac_alt.h create mode 100644 tests/include/alt-dummy/des_alt.h create mode 100644 tests/include/alt-dummy/dhm_alt.h create mode 100644 tests/include/alt-dummy/ecjpake_alt.h create mode 100644 tests/include/alt-dummy/ecp_alt.h create mode 100644 tests/include/alt-dummy/gcm_alt.h create mode 100644 tests/include/alt-dummy/md2_alt.h create mode 100644 tests/include/alt-dummy/md4_alt.h create mode 100644 tests/include/alt-dummy/md5_alt.h create mode 100644 tests/include/alt-dummy/nist_kw_alt.h create mode 100644 tests/include/alt-dummy/platform_alt.h create mode 100644 tests/include/alt-dummy/poly1305_alt.h create mode 100644 tests/include/alt-dummy/ripemd160_alt.h create mode 100644 tests/include/alt-dummy/rsa_alt.h create mode 100644 tests/include/alt-dummy/sha1_alt.h create mode 100644 tests/include/alt-dummy/sha256_alt.h create mode 100644 tests/include/alt-dummy/sha512_alt.h create mode 100644 tests/include/alt-dummy/timing_alt.h create mode 100644 tests/include/alt-dummy/xtea_alt.h diff --git a/tests/include/alt-dummy/aes_alt.h b/tests/include/alt-dummy/aes_alt.h new file mode 100644 index 0000000000..f226188fd3 --- /dev/null +++ b/tests/include/alt-dummy/aes_alt.h @@ -0,0 +1,37 @@ +/* aes_alt.h with dummy types for MBEDTLS_AES_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef AES_ALT_H +#define AES_ALT_H + +typedef struct mbedtls_aes_context +{ + int dummy; +} +mbedtls_aes_context; + +#if defined(MBEDTLS_CIPHER_MODE_XTS) + +typedef struct mbedtls_aes_xts_context +{ + int dummy; +} mbedtls_aes_xts_context; +#endif + + +#endif /* aes_alt.h */ diff --git a/tests/include/alt-dummy/arc4_alt.h b/tests/include/alt-dummy/arc4_alt.h new file mode 100644 index 0000000000..b8c2e86a00 --- /dev/null +++ b/tests/include/alt-dummy/arc4_alt.h @@ -0,0 +1,30 @@ +/* arc4_alt.h with dummy types for MBEDTLS_ARC4_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef ARC4_ALT_H +#define ARC4_ALT_H + +typedef struct mbedtls_arc4_context +{ + int dummy; +} +mbedtls_arc4_context; + + +#endif /* arc4_alt.h */ diff --git a/tests/include/alt-dummy/aria_alt.h b/tests/include/alt-dummy/aria_alt.h new file mode 100644 index 0000000000..5f2335b8f4 --- /dev/null +++ b/tests/include/alt-dummy/aria_alt.h @@ -0,0 +1,29 @@ +/* aria_alt.h with dummy types for MBEDTLS_ARIA_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ARIA_ALT_H +#define ARIA_ALT_H + +typedef struct mbedtls_aria_context +{ + int dummy; +} +mbedtls_aria_context; + + +#endif /* aria_alt.h */ diff --git a/tests/include/alt-dummy/blowfish_alt.h b/tests/include/alt-dummy/blowfish_alt.h new file mode 100644 index 0000000000..5a4f739d52 --- /dev/null +++ b/tests/include/alt-dummy/blowfish_alt.h @@ -0,0 +1,29 @@ +/* blowfish_alt.h with dummy types for MBEDTLS_BLOWFISH_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef BLOWFISH_ALT_H +#define BLOWFISH_ALT_H + +typedef struct mbedtls_blowfish_context +{ + int dummy; +} +mbedtls_blowfish_context; + + +#endif /* blowfish_alt.h */ diff --git a/tests/include/alt-dummy/camellia_alt.h b/tests/include/alt-dummy/camellia_alt.h new file mode 100644 index 0000000000..c23d1b4c0c --- /dev/null +++ b/tests/include/alt-dummy/camellia_alt.h @@ -0,0 +1,29 @@ +/* camellia_alt.h with dummy types for MBEDTLS_CAMELLIA_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CAMELLIA_ALT_H +#define CAMELLIA_ALT_H + +typedef struct mbedtls_camellia_context +{ + int dummy; +} +mbedtls_camellia_context; + + +#endif /* camellia_alt.h */ diff --git a/tests/include/alt-dummy/ccm_alt.h b/tests/include/alt-dummy/ccm_alt.h new file mode 100644 index 0000000000..dcb834ed6a --- /dev/null +++ b/tests/include/alt-dummy/ccm_alt.h @@ -0,0 +1,29 @@ +/* ccm_alt.h with dummy types for MBEDTLS_CCM_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CCM_ALT_H +#define CCM_ALT_H + +typedef struct mbedtls_ccm_context +{ + int dummy; +} +mbedtls_ccm_context; + + +#endif /* ccm_alt.h */ diff --git a/tests/include/alt-dummy/chacha20_alt.h b/tests/include/alt-dummy/chacha20_alt.h new file mode 100644 index 0000000000..7a5a25cab7 --- /dev/null +++ b/tests/include/alt-dummy/chacha20_alt.h @@ -0,0 +1,29 @@ +/* chacha20_alt.h with dummy types for MBEDTLS_CHACHA20_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CHACHA20_ALT_H +#define CHACHA20_ALT_H + +typedef struct mbedtls_chacha20_context +{ + int dummy; +} +mbedtls_chacha20_context; + + +#endif /* chacha20_alt.h */ diff --git a/tests/include/alt-dummy/chachapoly_alt.h b/tests/include/alt-dummy/chachapoly_alt.h new file mode 100644 index 0000000000..448517d7d8 --- /dev/null +++ b/tests/include/alt-dummy/chachapoly_alt.h @@ -0,0 +1,31 @@ +/* chachapoly_alt.h with dummy types for MBEDTLS_CHACHAPOLY_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CHACHAPOLY_ALT_H +#define CHACHAPOLY_ALT_H + +#include "mbedtls/chacha20.h" + +typedef struct mbedtls_chachapoly_context +{ + int dummy; +} +mbedtls_chachapoly_context; + + +#endif /* chachapoly_alt.h */ diff --git a/tests/include/alt-dummy/cmac_alt.h b/tests/include/alt-dummy/cmac_alt.h new file mode 100644 index 0000000000..4c9feee337 --- /dev/null +++ b/tests/include/alt-dummy/cmac_alt.h @@ -0,0 +1,28 @@ +/* cmac_alt.h with dummy types for MBEDTLS_CMAC_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CMAC_ALT_H +#define CMAC_ALT_H + +struct mbedtls_cmac_context_t +{ + int dummy; +}; + + +#endif /* cmac_alt.h */ diff --git a/tests/include/alt-dummy/des_alt.h b/tests/include/alt-dummy/des_alt.h new file mode 100644 index 0000000000..e5a0bd3aae --- /dev/null +++ b/tests/include/alt-dummy/des_alt.h @@ -0,0 +1,36 @@ +/* des_alt.h with dummy types for MBEDTLS_DES_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef DES_ALT_H +#define DES_ALT_H + +typedef struct mbedtls_des_context +{ + int dummy; +} +mbedtls_des_context; + +typedef struct mbedtls_des3_context +{ + int dummy; +} +mbedtls_des3_context; + + +#endif /* des_alt.h */ diff --git a/tests/include/alt-dummy/dhm_alt.h b/tests/include/alt-dummy/dhm_alt.h new file mode 100644 index 0000000000..6289a41db2 --- /dev/null +++ b/tests/include/alt-dummy/dhm_alt.h @@ -0,0 +1,29 @@ +/* dhm_alt.h with dummy types for MBEDTLS_DHM_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef DHM_ALT_H +#define DHM_ALT_H + +typedef struct mbedtls_dhm_context +{ + int dummy; +} +mbedtls_dhm_context; + + +#endif /* dhm_alt.h */ diff --git a/tests/include/alt-dummy/ecjpake_alt.h b/tests/include/alt-dummy/ecjpake_alt.h new file mode 100644 index 0000000000..8de0fcf8e2 --- /dev/null +++ b/tests/include/alt-dummy/ecjpake_alt.h @@ -0,0 +1,28 @@ +/* ecjpake_alt.h with dummy types for MBEDTLS_ECJPAKE_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ECJPAKE_ALT_H +#define ECJPAKE_ALT_H + +typedef struct mbedtls_ecjpake_context +{ + int dummy; +} mbedtls_ecjpake_context; + + +#endif /* ecjpake_alt.h */ diff --git a/tests/include/alt-dummy/ecp_alt.h b/tests/include/alt-dummy/ecp_alt.h new file mode 100644 index 0000000000..3628bb3da1 --- /dev/null +++ b/tests/include/alt-dummy/ecp_alt.h @@ -0,0 +1,39 @@ +/* ecp_alt.h with dummy types for MBEDTLS_ECP_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ECP_ALT_H +#define ECP_ALT_H + +typedef struct mbedtls_ecp_group +{ + int dummy; +} +mbedtls_ecp_group; + +#if !defined(MBEDTLS_ECP_WINDOW_SIZE) + +#define MBEDTLS_ECP_WINDOW_SIZE 6 +#endif + +#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM) + +#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 +#endif + + +#endif /* ecp_alt.h */ diff --git a/tests/include/alt-dummy/gcm_alt.h b/tests/include/alt-dummy/gcm_alt.h new file mode 100644 index 0000000000..94986ff485 --- /dev/null +++ b/tests/include/alt-dummy/gcm_alt.h @@ -0,0 +1,29 @@ +/* gcm_alt.h with dummy types for MBEDTLS_GCM_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef GCM_ALT_H +#define GCM_ALT_H + +typedef struct mbedtls_gcm_context +{ + int dummy; +} +mbedtls_gcm_context; + + +#endif /* gcm_alt.h */ diff --git a/tests/include/alt-dummy/md2_alt.h b/tests/include/alt-dummy/md2_alt.h new file mode 100644 index 0000000000..70c7f15190 --- /dev/null +++ b/tests/include/alt-dummy/md2_alt.h @@ -0,0 +1,30 @@ +/* md2_alt.h with dummy types for MBEDTLS_MD2_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef MD2_ALT_H +#define MD2_ALT_H + +typedef struct mbedtls_md2_context +{ + int dummy; +} +mbedtls_md2_context; + + +#endif /* md2_alt.h */ diff --git a/tests/include/alt-dummy/md4_alt.h b/tests/include/alt-dummy/md4_alt.h new file mode 100644 index 0000000000..db13f3d8db --- /dev/null +++ b/tests/include/alt-dummy/md4_alt.h @@ -0,0 +1,30 @@ +/* md4_alt.h with dummy types for MBEDTLS_MD4_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef MD4_ALT_H +#define MD4_ALT_H + +typedef struct mbedtls_md4_context +{ + int dummy; +} +mbedtls_md4_context; + + +#endif /* md4_alt.h */ diff --git a/tests/include/alt-dummy/md5_alt.h b/tests/include/alt-dummy/md5_alt.h new file mode 100644 index 0000000000..c1191479dc --- /dev/null +++ b/tests/include/alt-dummy/md5_alt.h @@ -0,0 +1,29 @@ +/* md5_alt.h with dummy types for MBEDTLS_MD5_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MD5_ALT_H +#define MD5_ALT_H + +typedef struct mbedtls_md5_context +{ + int dummy; +} +mbedtls_md5_context; + + +#endif /* md5_alt.h */ diff --git a/tests/include/alt-dummy/nist_kw_alt.h b/tests/include/alt-dummy/nist_kw_alt.h new file mode 100644 index 0000000000..8fec116be6 --- /dev/null +++ b/tests/include/alt-dummy/nist_kw_alt.h @@ -0,0 +1,27 @@ +/* nist_kw_alt.h with dummy types for MBEDTLS_NIST_KW_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef NIST_KW_ALT_H +#define NIST_KW_ALT_H + +typedef struct { + int dummy; +} mbedtls_nist_kw_context; + + +#endif /* nist_kw_alt.h */ diff --git a/tests/include/alt-dummy/platform_alt.h b/tests/include/alt-dummy/platform_alt.h new file mode 100644 index 0000000000..2bf712de76 --- /dev/null +++ b/tests/include/alt-dummy/platform_alt.h @@ -0,0 +1,29 @@ +/* platform_alt.h with dummy types for MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PLATFORM_ALT_H +#define PLATFORM_ALT_H + +typedef struct mbedtls_platform_context +{ + int dummy; +} +mbedtls_platform_context; + + +#endif /* platform_alt.h */ diff --git a/tests/include/alt-dummy/poly1305_alt.h b/tests/include/alt-dummy/poly1305_alt.h new file mode 100644 index 0000000000..b8c12104a4 --- /dev/null +++ b/tests/include/alt-dummy/poly1305_alt.h @@ -0,0 +1,29 @@ +/* poly1305_alt.h with dummy types for MBEDTLS_POLY1305_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef POLY1305_ALT_H +#define POLY1305_ALT_H + +typedef struct mbedtls_poly1305_context +{ + int dummy; +} +mbedtls_poly1305_context; + + +#endif /* poly1305_alt.h */ diff --git a/tests/include/alt-dummy/ripemd160_alt.h b/tests/include/alt-dummy/ripemd160_alt.h new file mode 100644 index 0000000000..722aeeb5dc --- /dev/null +++ b/tests/include/alt-dummy/ripemd160_alt.h @@ -0,0 +1,29 @@ +/* ripemd160_alt.h with dummy types for MBEDTLS_RIPEMD160_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef RIPEMD160_ALT_H +#define RIPEMD160_ALT_H + +typedef struct mbedtls_ripemd160_context +{ + int dummy; +} +mbedtls_ripemd160_context; + + +#endif /* ripemd160_alt.h */ diff --git a/tests/include/alt-dummy/rsa_alt.h b/tests/include/alt-dummy/rsa_alt.h new file mode 100644 index 0000000000..ae80dbaa44 --- /dev/null +++ b/tests/include/alt-dummy/rsa_alt.h @@ -0,0 +1,29 @@ +/* rsa_alt.h with dummy types for MBEDTLS_RSA_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef RSA_ALT_H +#define RSA_ALT_H + +typedef struct mbedtls_rsa_context +{ + int dummy; +} +mbedtls_rsa_context; + + +#endif /* rsa_alt.h */ diff --git a/tests/include/alt-dummy/sha1_alt.h b/tests/include/alt-dummy/sha1_alt.h new file mode 100644 index 0000000000..df2990b5bc --- /dev/null +++ b/tests/include/alt-dummy/sha1_alt.h @@ -0,0 +1,29 @@ +/* sha1_alt.h with dummy types for MBEDTLS_SHA1_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SHA1_ALT_H +#define SHA1_ALT_H + +typedef struct mbedtls_sha1_context +{ + int dummy; +} +mbedtls_sha1_context; + + +#endif /* sha1_alt.h */ diff --git a/tests/include/alt-dummy/sha256_alt.h b/tests/include/alt-dummy/sha256_alt.h new file mode 100644 index 0000000000..7e501ed91a --- /dev/null +++ b/tests/include/alt-dummy/sha256_alt.h @@ -0,0 +1,29 @@ +/* sha256_alt.h with dummy types for MBEDTLS_SHA256_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SHA256_ALT_H +#define SHA256_ALT_H + +typedef struct mbedtls_sha256_context +{ + int dummy; +} +mbedtls_sha256_context; + + +#endif /* sha256_alt.h */ diff --git a/tests/include/alt-dummy/sha512_alt.h b/tests/include/alt-dummy/sha512_alt.h new file mode 100644 index 0000000000..45c9599235 --- /dev/null +++ b/tests/include/alt-dummy/sha512_alt.h @@ -0,0 +1,29 @@ +/* sha512_alt.h with dummy types for MBEDTLS_SHA512_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SHA512_ALT_H +#define SHA512_ALT_H + +typedef struct mbedtls_sha512_context +{ + int dummy; +} +mbedtls_sha512_context; + + +#endif /* sha512_alt.h */ diff --git a/tests/include/alt-dummy/timing_alt.h b/tests/include/alt-dummy/timing_alt.h new file mode 100644 index 0000000000..f2da154f12 --- /dev/null +++ b/tests/include/alt-dummy/timing_alt.h @@ -0,0 +1,33 @@ +/* timing_alt.h with dummy types for MBEDTLS_TIMING_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TIMING_ALT_H +#define TIMING_ALT_H + +struct mbedtls_timing_hr_time +{ + int dummy; +}; + +typedef struct mbedtls_timing_delay_context +{ + int dummy; +} mbedtls_timing_delay_context; + + +#endif /* timing_alt.h */ diff --git a/tests/include/alt-dummy/xtea_alt.h b/tests/include/alt-dummy/xtea_alt.h new file mode 100644 index 0000000000..cb21a3a548 --- /dev/null +++ b/tests/include/alt-dummy/xtea_alt.h @@ -0,0 +1,29 @@ +/* xtea_alt.h with dummy types for MBEDTLS_XTEA_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef XTEA_ALT_H +#define XTEA_ALT_H + +typedef struct mbedtls_xtea_context +{ + int dummy; +} +mbedtls_xtea_context; + + +#endif /* xtea_alt.h */ From a0ebaefef96535023da623a587b9c3286c3137b9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 24 May 2021 23:17:57 +0200 Subject: [PATCH 10/26] Create threading_alt.h header for testing Follow-up to "Create xxx_alt.h headers for testing". The inclusion of threading_alt.h in include/mbedtls/threading.h does not follow the same pattern as the others so it was missed by the script. Signed-off-by: Gilles Peskine --- tests/include/alt-dummy/threading_alt.h | 27 +++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 tests/include/alt-dummy/threading_alt.h diff --git a/tests/include/alt-dummy/threading_alt.h b/tests/include/alt-dummy/threading_alt.h new file mode 100644 index 0000000000..ff2fed5e2a --- /dev/null +++ b/tests/include/alt-dummy/threading_alt.h @@ -0,0 +1,27 @@ +/* threading_alt.h with dummy types for MBEDTLS_THREADING_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef THREADING_ALT_H +#define THREADING_ALT_H + +typedef struct mbedtls_threading_mutex_t +{ + int dummy; +} mbedtls_threading_mutex_t; + +#endif /* threading_alt.h */ From 8e90cf49ca3a305aff9af32d5f52534866f37887 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 27 May 2021 22:12:57 +0200 Subject: [PATCH 11/26] config.py: new command line commands set-all and unset-all The new method `Config.change_matching` and the new command-line commands `set-all` and `unset-all` change a batch of existing boolean settings to the desired state (active or inactive). Signed-off-by: Gilles Peskine --- scripts/config.py | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/scripts/config.py b/scripts/config.py index b85745a2ab..e27f322707 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -147,6 +147,15 @@ class Config: setting.active = adapter(setting.name, setting.active, setting.section) + def change_matching(self, regexs, enable): + """Change all symbols matching one of the regexs to the desired state.""" + if not regexs: + return + regex = re.compile('|'.join(regexs)) + for setting in self.settings.values(): + if regex.search(setting.name): + setting.active = enable + def is_full_section(section): """Is this section affected by "config.py full" and friends?""" return section.endswith('support') or section.endswith('modules') @@ -454,11 +463,21 @@ if __name__ == '__main__': parser_set.add_argument('symbol', metavar='SYMBOL') parser_set.add_argument('value', metavar='VALUE', nargs='?', default='') + parser_set_all = subparsers.add_parser('set-all', + help="""Uncomment all #define + whose name contains a match for + REGEX.""") + parser_set_all.add_argument('regexs', metavar='REGEX', nargs='*') parser_unset = subparsers.add_parser('unset', help="""Comment out the #define for SYMBOL. Do nothing if none is present.""") parser_unset.add_argument('symbol', metavar='SYMBOL') + parser_unset_all = subparsers.add_parser('unset-all', + help="""Comment out all #define + whose name contains a match for + REGEX.""") + parser_unset_all.add_argument('regexs', metavar='REGEX', nargs='*') def add_adapter(name, function, description): subparser = subparsers.add_parser(name, help=description) @@ -505,8 +524,12 @@ if __name__ == '__main__': .format(args.symbol, config.filename)) return 1 config.set(args.symbol, value=args.value) + elif args.command == 'set-all': + config.change_matching(args.regexs, True) elif args.command == 'unset': config.unset(args.symbol) + elif args.command == 'unset-all': + config.change_matching(args.regexs, False) else: config.adapt(args.adapter) config.write(args.write) From cc73cc55e806349c9ad824a53310eed15bc715a2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 May 2021 09:04:46 +0200 Subject: [PATCH 12/26] Test the build with whole-module alternative implementations Use headers defining dummy context types. The test does not pass yet. I plan to fix this in subsequent commits. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2df65a5b4e..53b4e250e8 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1364,6 +1364,26 @@ component_build_default_make_gcc_and_cxx () { make TEST_CPP=1 } +component_build_module_alt () { + msg "build: MBEDTLS_XXX_ALT" # ~30s + scripts/config.py full + # Disable options that are incompatible with some ALT implementations. + # aesni.c and padlock.c reference mbedtls_aes_context fields directly. + scripts/config.py unset MBEDTLS_AESNI_C + scripts/config.py unset MBEDTLS_PADLOCK_C + # The debug code accesses DHM context fields directly, so it is + # incompatible with MBEDTLS_DHM_ALT. + scripts/config.py unset MBEDTLS_DEBUG_C + # You can only have one threading implementation: alt or pthread, not both. + scripts/config.py unset MBEDTLS_THREADING_PTHREAD + # Enable all MBEDTLS_XXX_ALT for whole modules. Do not enable + # MBEDTLS_XXX_YYY_ALT which are for single functions. + scripts/config.py set-all 'MBEDTLS_([A-Z0-9]*|NIST_KW)_ALT' + # We can only compile, not link, since we don't have any implementations + # suitable for testing with the dummy alt headers. + make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib +} + component_test_no_use_psa_crypto_full_cmake_asan() { # full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh msg "build: cmake, full config minus MBEDTLS_USE_PSA_CRYPTO, ASan" From d41d59e9006c01fa8783ccfea168bf9e6e0820dd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 May 2021 09:19:45 +0200 Subject: [PATCH 13/26] Timing: support ALT implementations in self-test Don't assume that the context has a timer field if MBEDTLS_TIMING_ALT is defined. Signed-off-by: Gilles Peskine --- library/timing.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/library/timing.c b/library/timing.c index eb41461320..664fde0827 100644 --- a/library/timing.c +++ b/library/timing.c @@ -387,6 +387,21 @@ static void busy_msleep( unsigned long msec ) (void) j; } +static void print_timers( struct mbedtls_timing_hr_time *hires, + mbedtls_timing_delay_context *ctx ) +{ +#if defined(MBEDTLS_TIMING_ALT) + mbedtls_printf( " elapsed(hires)=%lu elapsed(ctx)=?? status(ctx)=%d\n", + mbedtls_timing_get_timer( hires, 0 ), + mbedtls_timing_get_delay( ctx ) ); +#else + mbedtls_printf( " elapsed(hires)=%lu elapsed(ctx)=%lu status(ctx)=%d\n", + mbedtls_timing_get_timer( hires, 0 ), + mbedtls_timing_get_timer( &ctx->timer, 0 ), + mbedtls_timing_get_delay( ctx ) ); +#endif +} + #define FAIL do \ { \ if( verbose != 0 ) \ @@ -395,10 +410,7 @@ static void busy_msleep( unsigned long msec ) mbedtls_printf( " cycles=%lu ratio=%lu millisecs=%lu secs=%lu hardfail=%d a=%lu b=%lu\n", \ cycles, ratio, millisecs, secs, hardfail, \ (unsigned long) a, (unsigned long) b ); \ - mbedtls_printf( " elapsed(hires)=%lu elapsed(ctx)=%lu status(ctx)=%d\n", \ - mbedtls_timing_get_timer( &hires, 0 ), \ - mbedtls_timing_get_timer( &ctx.timer, 0 ), \ - mbedtls_timing_get_delay( &ctx ) ); \ + print_timers( &hires, &ctx ); \ } \ return( 1 ); \ } while( 0 ) From 85b1bc65a0f84aa6e453f316ce73e778b2cf8717 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 May 2021 09:20:26 +0200 Subject: [PATCH 14/26] pk_debug: build with RSA_ALT implementations When MBEDTLS_RSA_ALT is defined, mbedtls_rsa_context does not necessarily have fields called N and E of type mbedtls_mpi. Don't emit pk_debug information with MBEDTLS_RSA_ALT. This is not ideal but at least the library compiles. Signed-off-by: Gilles Peskine --- library/pk_wrap.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index ec0ff45ccb..7c317c52d3 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -178,6 +178,11 @@ static void rsa_free_wrap( void *ctx ) static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items ) { +#if defined(MBEDTLS_RSA_ALT) + /* Not supported */ + (void) ctx; + (void) items; +#else items->type = MBEDTLS_PK_DEBUG_MPI; items->name = "rsa.N"; items->value = &( ((mbedtls_rsa_context *) ctx)->N ); @@ -187,6 +192,7 @@ static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items ) items->type = MBEDTLS_PK_DEBUG_MPI; items->name = "rsa.E"; items->value = &( ((mbedtls_rsa_context *) ctx)->E ); +#endif } const mbedtls_pk_info_t mbedtls_rsa_info = { From 487bbf68053143cdcb27cc60a91caf7738d86b68 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 27 May 2021 22:17:07 +0200 Subject: [PATCH 15/26] DHM: new functions to query the length of the modulus Add two functions mbedtls_dhm_get_len() and mbedtls_dhm_get_bitlen() to query the length of the modulus in bytes or bits. Remove the len field: the cost of calling mbedtls_dhm_get_len() each time it's needed is negligible, and this improves the abstraction of the DHM module. Signed-off-by: Gilles Peskine --- ChangeLog.d/dhm-fields.txt | 7 +++++++ include/mbedtls/dhm.h | 21 ++++++++++++++++++++- library/dhm.c | 23 +++++++++++++---------- library/ssl_cli.c | 10 +++++----- library/ssl_srv.c | 2 +- programs/pkey/dh_client.c | 7 ++++--- programs/pkey/dh_server.c | 4 ++-- programs/test/benchmark.c | 7 ++++--- tests/suites/test_suite_dhm.function | 3 ++- 9 files changed, 58 insertions(+), 26 deletions(-) create mode 100644 ChangeLog.d/dhm-fields.txt diff --git a/ChangeLog.d/dhm-fields.txt b/ChangeLog.d/dhm-fields.txt new file mode 100644 index 0000000000..620e3dc9ac --- /dev/null +++ b/ChangeLog.d/dhm-fields.txt @@ -0,0 +1,7 @@ +Features + * The new functions mbedtls_dhm_get_len() and mbedtls_dhm_get_bitlen() + query the size of the modulus in a Diffie-Hellman context. + +API changes + * Instead of accessing the len field of a DHM context, which is no longer + supported, use the new function mbedtls_dhm_get_len() . diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 6c8ca037c5..3f7206e3b5 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -96,7 +96,6 @@ extern "C" { */ typedef struct mbedtls_dhm_context { - size_t MBEDTLS_PRIVATE(len); /*!< The size of \p P in Bytes. */ mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The prime modulus. */ mbedtls_mpi MBEDTLS_PRIVATE(G); /*!< The generator. */ mbedtls_mpi MBEDTLS_PRIVATE(X); /*!< Our secret value. */ @@ -282,6 +281,26 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +/** + * \brief This function returns the size of the prime modulus in bits. + * + * \param ctx The DHM context to query. + * + * \return The size of the prime modulus in bits, + * i.e. the number n such that 2^(n-1) <= P < 2^n. + */ +size_t mbedtls_dhm_get_bitlen( const mbedtls_dhm_context *ctx ); + +/** + * \brief This function returns the size of the prime modulus in bytes. + * + * \param ctx The DHM context to query. + * + * \return The size of the prime modulus in bytes, + * i.e. the number n such that 2^(8*(n-1)) <= P < 2^(8*n). + */ +size_t mbedtls_dhm_get_len( const mbedtls_dhm_context *ctx ); + /** * \brief This function frees and clears the components * of a DHM context. diff --git a/library/dhm.c b/library/dhm.c index accd5a85cf..2543be1949 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -124,6 +124,16 @@ void mbedtls_dhm_init( mbedtls_dhm_context *ctx ) memset( ctx, 0, sizeof( mbedtls_dhm_context ) ); } +size_t mbedtls_dhm_get_bitlen( const mbedtls_dhm_context *ctx ) +{ + return( mbedtls_mpi_bitlen( &ctx->P ) ); +} + +size_t mbedtls_dhm_get_len( const mbedtls_dhm_context *ctx ) +{ + return( mbedtls_mpi_size( &ctx->P ) ); +} + /* * Parse the ServerKeyExchange parameters */ @@ -144,8 +154,6 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx, if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 ) return( ret ); - ctx->len = mbedtls_mpi_size( &ctx->P ); - return( 0 ); } @@ -247,8 +255,6 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, *olen = p - output; - ctx->len = n1; - cleanup: if( ret != 0 && ret > -128 ) ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED, ret ); @@ -273,7 +279,6 @@ int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx, return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_SET_GROUP_FAILED, ret ) ); } - ctx->len = mbedtls_mpi_size( &ctx->P ); return( 0 ); } @@ -287,7 +292,7 @@ int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx, DHM_VALIDATE_RET( ctx != NULL ); DHM_VALIDATE_RET( input != NULL ); - if( ilen < 1 || ilen > ctx->len ) + if( ilen < 1 || ilen > mbedtls_dhm_get_len( ctx ) ) return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); if( ( ret = mbedtls_mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 ) @@ -309,7 +314,7 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, DHM_VALIDATE_RET( output != NULL ); DHM_VALIDATE_RET( f_rng != NULL ); - if( olen < 1 || olen > ctx->len ) + if( olen < 1 || olen > mbedtls_dhm_get_len( ctx ) ) return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); ret = dhm_make_common( ctx, x_size, f_rng, p_rng ); @@ -408,7 +413,7 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx, DHM_VALIDATE_RET( output != NULL ); DHM_VALIDATE_RET( olen != NULL ); - if( output_size < ctx->len ) + if( output_size < mbedtls_dhm_get_len( ctx ) ) return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 ) @@ -564,8 +569,6 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, ret = 0; - dhm->len = mbedtls_mpi_size( &dhm->P ); - exit: #if defined(MBEDTLS_PEM_PARSE_C) mbedtls_pem_free( &pem ); diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 12ed0fbb27..1bacd64978 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2553,7 +2553,7 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, return( ret ); } - dhm_actual_bitlen = mbedtls_mpi_bitlen( &ssl->handshake->dhm_ctx.P ); + dhm_actual_bitlen = mbedtls_dhm_get_bitlen( &ssl->handshake->dhm_ctx ); if( dhm_actual_bitlen < ssl->conf->dhm_min_bitlen ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u", @@ -3588,14 +3588,14 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) /* * DHM key exchange -- send G^X mod P */ - content_len = ssl->handshake->dhm_ctx.len; + content_len = mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ); ssl->out_msg[4] = (unsigned char)( content_len >> 8 ); ssl->out_msg[5] = (unsigned char)( content_len ); header_len = 6; ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, - (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), + (int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ), &ssl->out_msg[header_len], content_len, ssl->conf->f_rng, ssl->conf->p_rng ); if( ret != 0 ) @@ -3848,7 +3848,7 @@ ecdh_calc_secret: /* * ClientDiffieHellmanPublic public (DHM send G^X mod P) */ - content_len = ssl->handshake->dhm_ctx.len; + content_len = mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ); if( header_len + 2 + content_len > MBEDTLS_SSL_OUT_CONTENT_LEN ) @@ -3862,7 +3862,7 @@ ecdh_calc_secret: ssl->out_msg[header_len++] = (unsigned char)( content_len ); ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, - (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), + (int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ), &ssl->out_msg[header_len], content_len, ssl->conf->f_rng, ssl->conf->p_rng ); if( ret != 0 ) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 4fe6b02f10..cf4b7c5e5e 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -3049,7 +3049,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, if( ( ret = mbedtls_dhm_make_params( &ssl->handshake->dhm_ctx, - (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), + (int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ), ssl->out_msg + ssl->out_msglen, &len, ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 101b0bbb69..d68dc24778 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -192,7 +192,8 @@ int main( void ) goto exit; } - if( dhm.MBEDTLS_PRIVATE(len) < 64 || dhm.MBEDTLS_PRIVATE(len) > 512 ) + n = mbedtls_dhm_get_len( &dhm ); + if( n < 64 || n > 512 ) { mbedtls_printf( " failed\n ! Invalid DHM modulus size\n\n" ); goto exit; @@ -232,8 +233,8 @@ int main( void ) mbedtls_printf( "\n . Sending own public value to server" ); fflush( stdout ); - n = dhm.MBEDTLS_PRIVATE(len); - if( ( ret = mbedtls_dhm_make_public( &dhm, (int) dhm.MBEDTLS_PRIVATE(len), buf, n, + n = mbedtls_dhm_get_len( &dhm ); + if( ( ret = mbedtls_dhm_make_public( &dhm, (int) n, buf, n, mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_dhm_make_public returned %d\n\n", ret ); diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 745e68a944..9d51c14a8f 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -254,14 +254,14 @@ int main( void ) memset( buf, 0, sizeof( buf ) ); - n = dhm.MBEDTLS_PRIVATE(len); + n = mbedtls_dhm_get_len( &dhm ); if( ( ret = mbedtls_net_recv( &client_fd, buf, n ) ) != (int) n ) { mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret ); goto exit; } - if( ( ret = mbedtls_dhm_read_public( &dhm, buf, dhm.MBEDTLS_PRIVATE(len) ) ) != 0 ) + if( ( ret = mbedtls_dhm_read_public( &dhm, buf, n ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_dhm_read_public returned %d\n\n", ret ); goto exit; diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index e580fb248e..148e6da472 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -827,6 +827,7 @@ int main( int argc, char *argv[] ) mbedtls_dhm_context dhm; size_t olen; + size_t n; for( i = 0; (size_t) i < sizeof( dhm_sizes ) / sizeof( dhm_sizes[0] ); i++ ) { mbedtls_dhm_init( &dhm ); @@ -839,14 +840,14 @@ int main( int argc, char *argv[] ) mbedtls_exit( 1 ); } - dhm.len = mbedtls_mpi_size( &dhm.P ); - mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, dhm.len, myrand, NULL ); + n = mbedtls_mpi_size( &dhm.P ); + mbedtls_dhm_make_public( &dhm, (int) n, buf, n, myrand, NULL ); if( mbedtls_mpi_copy( &dhm.GY, &dhm.GX ) != 0 ) mbedtls_exit( 1 ); mbedtls_snprintf( title, sizeof( title ), "DHE-%d", dhm_sizes[i] ); TIME_PUBLIC( title, "handshake", - ret |= mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, dhm.len, + ret |= mbedtls_dhm_make_public( &dhm, (int) n, buf, n, myrand, NULL ); ret |= mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &olen, myrand, NULL ) ); diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function index c4d78def6f..7e01eb71fe 100644 --- a/tests/suites/test_suite_dhm.function +++ b/tests/suites/test_suite_dhm.function @@ -229,7 +229,8 @@ void dhm_file( char * filename, char * p, char * g, int len ) TEST_ASSERT( mbedtls_dhm_parse_dhmfile( &ctx, filename ) == 0 ); - TEST_ASSERT( ctx.len == (size_t) len ); + TEST_EQUAL( mbedtls_dhm_get_len( &ctx ), (size_t) len ); + TEST_EQUAL( mbedtls_dhm_get_bitlen( &ctx ), mbedtls_mpi_bitlen( &P ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &P ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.G, &G ) == 0 ); From 71acc6e8d97dd6e4e3e3bbf5c99f1bcb2212ead7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 27 May 2021 22:50:53 +0200 Subject: [PATCH 16/26] New function mbedtls_dhm_get_value to copy a field of a DHM context Reduce the need to break the DHM abstraction by accessing the context directly. Signed-off-by: Gilles Peskine --- ChangeLog.d/dhm-fields.txt | 2 ++ include/mbedtls/dhm.h | 27 ++++++++++++++++++++ library/dhm.c | 31 +++++++++++++++++++++++ library/ssl_tls.c | 6 +++-- tests/suites/test_suite_dhm.function | 37 ++++++++++++++++++++++++++-- 5 files changed, 99 insertions(+), 4 deletions(-) diff --git a/ChangeLog.d/dhm-fields.txt b/ChangeLog.d/dhm-fields.txt index 620e3dc9ac..4d5c751fba 100644 --- a/ChangeLog.d/dhm-fields.txt +++ b/ChangeLog.d/dhm-fields.txt @@ -1,6 +1,8 @@ Features * The new functions mbedtls_dhm_get_len() and mbedtls_dhm_get_bitlen() query the size of the modulus in a Diffie-Hellman context. + * The new function mbedtls_dhm_get_value() copy a field out of a + Diffie-Hellman context. API changes * Instead of accessing the len field of a DHM context, which is no longer diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 3f7206e3b5..6c319f8047 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -85,6 +85,17 @@ #define MBEDTLS_ERR_DHM_FILE_IO_ERROR -0x3480 /**< Read or write of file failed. */ #define MBEDTLS_ERR_DHM_SET_GROUP_FAILED -0x3580 /**< Setting the modulus and generator failed. */ +/** Which parameter to access in mbedtls_dhm_get_value(). */ +typedef enum +{ + MBEDTLS_DHM_PARAM_P, /*!< The prime modulus. */ + MBEDTLS_DHM_PARAM_G, /*!< The generator. */ + MBEDTLS_DHM_PARAM_X, /*!< Our secret value. */ + MBEDTLS_DHM_PARAM_GX, /*!< Our public key = \c G^X mod \c P. */ + MBEDTLS_DHM_PARAM_GY, /*!< The public key of the peer = \c G^Y mod \c P. */ + MBEDTLS_DHM_PARAM_K, /*!< The shared secret = \c G^(XY) mod \c P. */ +} mbedtls_dhm_parameter; + #ifdef __cplusplus extern "C" { #endif @@ -301,6 +312,22 @@ size_t mbedtls_dhm_get_bitlen( const mbedtls_dhm_context *ctx ); */ size_t mbedtls_dhm_get_len( const mbedtls_dhm_context *ctx ); +/** + * \brief This function copies a parameter of a DHM key. + * + * \param dest The MPI object to copy the value into. It must be + * initialized. + * \param ctx The DHM context to query. + * \param param The parameter to copy. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_DHM_BAD_INPUT_DATA if \p field is invalid. + * \return An \c MBEDTLS_ERR_MPI_XXX error code if the copy fails. + */ +int mbedtls_dhm_get_value( mbedtls_mpi *dest, + const mbedtls_dhm_context *ctx, + mbedtls_dhm_parameter param ); + /** * \brief This function frees and clears the components * of a DHM context. diff --git a/library/dhm.c b/library/dhm.c index 2543be1949..cb9299faba 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -134,6 +134,37 @@ size_t mbedtls_dhm_get_len( const mbedtls_dhm_context *ctx ) return( mbedtls_mpi_size( &ctx->P ) ); } +int mbedtls_dhm_get_value( mbedtls_mpi *dest, + const mbedtls_dhm_context *ctx, + mbedtls_dhm_parameter param ) +{ + const mbedtls_mpi *src = NULL; + switch( param ) + { + case MBEDTLS_DHM_PARAM_P: + src = &ctx->P; + break; + case MBEDTLS_DHM_PARAM_G: + src = &ctx->G; + break; + case MBEDTLS_DHM_PARAM_X: + src = &ctx->X; + break; + case MBEDTLS_DHM_PARAM_GX: + src = &ctx->GX; + break; + case MBEDTLS_DHM_PARAM_GY: + src = &ctx->GY; + break; + case MBEDTLS_DHM_PARAM_K: + src = &ctx->K; + break; + default: + return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); + } + return( mbedtls_mpi_copy( dest, src ) ); +} + /* * Parse the ServerKeyExchange parameters */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3bdc1cfa4a..bef686403d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3871,8 +3871,10 @@ int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 || - ( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 ) + if( ( ret = mbedtls_dhm_get_value( &conf->dhm_P, dhm_ctx, + MBEDTLS_DHM_PARAM_P ) ) != 0 || + ( ret = mbedtls_dhm_get_value( &conf->dhm_G, dhm_ctx, + MBEDTLS_DHM_PARAM_G ) ) != 0 ) { mbedtls_mpi_free( &conf->dhm_P ); mbedtls_mpi_free( &conf->dhm_G ); diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function index 7e01eb71fe..d48c4e38e6 100644 --- a/tests/suites/test_suite_dhm.function +++ b/tests/suites/test_suite_dhm.function @@ -1,6 +1,23 @@ /* BEGIN_HEADER */ #include "mbedtls/dhm.h" +int check_get_value( const mbedtls_dhm_context *ctx, + mbedtls_dhm_parameter param, + const mbedtls_mpi *expected ) +{ + mbedtls_mpi actual; + int ok = 0; + mbedtls_mpi_init( &actual ); + + TEST_ASSERT( mbedtls_dhm_get_value( &actual, ctx, param ) == 0 ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &actual, expected ) == 0 ); + ok = 1; + +exit: + mbedtls_mpi_free( &actual ); + return( ok ); +} + /* Sanity checks on a Diffie-Hellman parameter: check the length-value * syntax and check that the value is the expected one (taken from the * DHM context by the caller). */ @@ -102,6 +119,8 @@ void dhm_do_dhm( int radix_P, char *input_P, int x_size, TEST_ASSERT( mbedtls_mpi_read_string( &ctx_srv.P, radix_P, input_P ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &ctx_srv.G, radix_G, input_G ) == 0 ); pub_cli_len = mbedtls_mpi_size( &ctx_srv.P ); + TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_P, &ctx_srv.P ) ); + TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_G, &ctx_srv.G ) ); /* * First key exchange @@ -118,6 +137,9 @@ void dhm_do_dhm( int radix_P, char *input_P, int x_size, ske[ske_len++] = 0; ske[ske_len++] = 0; TEST_ASSERT( mbedtls_dhm_read_params( &ctx_cli, &p, ske + ske_len ) == 0 ); + /* The domain parameters must be the same on both side. */ + TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_P, &ctx_srv.P ) ); + TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_G, &ctx_srv.G ) ); TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len, &mbedtls_test_rnd_pseudo_rand, @@ -134,6 +156,17 @@ void dhm_do_dhm( int radix_P, char *input_P, int x_size, TEST_ASSERT( sec_srv_len != 0 ); TEST_ASSERT( memcmp( sec_srv, sec_cli, sec_srv_len ) == 0 ); + /* Internal value checks */ + TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_X, &ctx_cli.X ) ); + TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_X, &ctx_srv.X ) ); + /* Cross-checks */ + TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_GX, &ctx_srv.GY ) ); + TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_GY, &ctx_srv.GX ) ); + TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_K, &ctx_srv.K ) ); + TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_GX, &ctx_cli.GY ) ); + TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_GY, &ctx_cli.GX ) ); + TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_K, &ctx_cli.K ) ); + /* Re-do calc_secret on server a few times to test update of blinding values */ for( i = 0; i < 3; i++ ) { @@ -231,8 +264,8 @@ void dhm_file( char * filename, char * p, char * g, int len ) TEST_EQUAL( mbedtls_dhm_get_len( &ctx ), (size_t) len ); TEST_EQUAL( mbedtls_dhm_get_bitlen( &ctx ), mbedtls_mpi_bitlen( &P ) ); - TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &P ) == 0 ); - TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.G, &G ) == 0 ); + TEST_ASSERT( check_get_value( &ctx, MBEDTLS_DHM_PARAM_P, &P ) ); + TEST_ASSERT( check_get_value( &ctx, MBEDTLS_DHM_PARAM_G, &G ) ); exit: mbedtls_mpi_free( &P ); mbedtls_mpi_free( &G ); From cd07e22048e650562873b9ee76f3e690fb6d9516 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 27 May 2021 23:17:34 +0200 Subject: [PATCH 17/26] New function mbedtls_ecjpake_set_point_format Use this instead of accessing the field directly. Signed-off-by: Gilles Peskine --- ChangeLog.d/ecjpake-point_format.txt | 4 ++++ include/mbedtls/ecjpake.h | 15 +++++++++++++++ library/ecjpake.c | 14 ++++++++++++++ library/ssl_cli.c | 3 ++- library/ssl_srv.c | 3 ++- 5 files changed, 37 insertions(+), 2 deletions(-) create mode 100644 ChangeLog.d/ecjpake-point_format.txt diff --git a/ChangeLog.d/ecjpake-point_format.txt b/ChangeLog.d/ecjpake-point_format.txt new file mode 100644 index 0000000000..6e05b23393 --- /dev/null +++ b/ChangeLog.d/ecjpake-point_format.txt @@ -0,0 +1,4 @@ +Features + * Use the new function mbedtls_ecjpake_set_point_format() to select the + point format for ECJPAKE instead of accessing the point_format field + directly, which is no longer supported. diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h index 0c8e8c9274..27a091d501 100644 --- a/include/mbedtls/ecjpake.h +++ b/include/mbedtls/ecjpake.h @@ -131,6 +131,21 @@ int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx, const unsigned char *secret, size_t len ); +/** + * \brief Set the point format for future reads and writes. + * + * \param ctx The ECJPAKE context to configure. + * \param point_format The point format to use: + * #MBEDTLS_ECP_PF_UNCOMPRESSED (default) + * or #MBEDTLS_ECP_PF_COMPRESSED. + * + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p point_format + * is invalid. + */ +int mbedtls_ecjpake_set_point_format( mbedtls_ecjpake_context *ctx, + int point_format ); + /** * \brief Check if an ECJPAKE context is ready for use. * diff --git a/library/ecjpake.c b/library/ecjpake.c index 464ff51cca..de43ddb703 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -128,6 +128,20 @@ cleanup: return( ret ); } +int mbedtls_ecjpake_set_point_format( mbedtls_ecjpake_context *ctx, + int point_format ) +{ + switch( point_format ) + { + case MBEDTLS_ECP_PF_UNCOMPRESSED: + case MBEDTLS_ECP_PF_COMPRESSED: + ctx->point_format = point_format; + return( 0 ); + default: + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + } +} + /* * Check if context is ready for use */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 1bacd64978..9a441385d2 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1663,7 +1663,8 @@ static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl, ssl->handshake->ecdh_ctx.point_format = p[0]; #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - ssl->handshake->ecjpake_ctx.point_format = p[0]; + mbedtls_ecjpake_set_point_format( &ssl->handshake->ecjpake_ctx, + p[0] ); #endif MBEDTLS_SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) ); return( 0 ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index cf4b7c5e5e..d9ad607cd0 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -407,7 +407,8 @@ static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl, ssl->handshake->ecdh_ctx.point_format = p[0]; #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - ssl->handshake->ecjpake_ctx.point_format = p[0]; + mbedtls_ecjpake_set_point_format( &ssl->handshake->ecjpake_ctx, + p[0] ); #endif MBEDTLS_SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) ); return( 0 ); From bf69ea5b8f882af439ac3b288b7063ce6757e730 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 27 May 2021 23:53:07 +0200 Subject: [PATCH 18/26] Make some fields of mbedtls_ecp_group public The Mbed TLS code relies heavily on reading certain fields of mbedtls_ecp_group directly. Make these fields public. Require that MBEDTLS_ECP_ALT alternative implementations have them. Signed-off-by: Gilles Peskine --- include/mbedtls/ecp.h | 32 ++++++++++++++++++++------------ programs/pkey/ecdsa.c | 2 +- programs/pkey/gen_key.c | 2 +- 3 files changed, 22 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 61d29a99a2..49e85d9419 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -206,25 +206,33 @@ mbedtls_ecp_point; * additions or subtractions. Therefore, it is only an approximative modular * reduction. It must return 0 on success and non-zero on failure. * - * \note Alternative implementations must keep the group IDs distinct. If - * two group structures have the same ID, then they must be - * identical. - * + * \note Alternative implementations of the ECP module must obey the + * following constraints. + * * Group IDs must be distinct: if two group structures have + * the same ID, then they must be identical. + * * The fields \c id, \c P, \c A, \c B, \c G, \c N, + * \c pbits and \c nbits must have the same type and semantics + * as in the built-in implementation. + * They must be available for reading, but direct modification + * of these fields does not need to be supported. + * They do not need to be at the same offset in the structure. */ typedef struct mbedtls_ecp_group { - mbedtls_ecp_group_id MBEDTLS_PRIVATE(id); /*!< An internal group identifier. */ - mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The prime modulus of the base field. */ - mbedtls_mpi MBEDTLS_PRIVATE(A); /*!< For Short Weierstrass: \p A in the equation. For + mbedtls_ecp_group_id id; /*!< An internal group identifier. */ + mbedtls_mpi P; /*!< The prime modulus of the base field. */ + mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For Montgomery curves: (A + 2) / 4. */ - mbedtls_mpi MBEDTLS_PRIVATE(B); /*!< For Short Weierstrass: \p B in the equation. + mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation. For Montgomery curves: unused. */ - mbedtls_ecp_point MBEDTLS_PRIVATE(G); /*!< The generator of the subgroup used. */ - mbedtls_mpi MBEDTLS_PRIVATE(N); /*!< The order of \p G. */ - size_t MBEDTLS_PRIVATE(pbits); /*!< The number of bits in \p P.*/ - size_t MBEDTLS_PRIVATE(nbits); /*!< For Short Weierstrass: The number of bits in \p P. + mbedtls_ecp_point G; /*!< The generator of the subgroup used. */ + mbedtls_mpi N; /*!< The order of \p G. */ + size_t pbits; /*!< The number of bits in \p P.*/ + size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P. For Montgomery curves: the number of bits in the private keys. */ + /* End of public fields */ + unsigned int MBEDTLS_PRIVATE(h); /*!< \internal 1 if the constants are static. */ int (*MBEDTLS_PRIVATE(modp))(mbedtls_mpi *); /*!< The function for fast pseudo-reduction mod \p P (see above).*/ diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index 3dacd75d31..3dd85bf90a 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -156,7 +156,7 @@ int main( int argc, char *argv[] ) goto exit; } - mbedtls_printf( " ok (key size: %d bits)\n", (int) ctx_sign.MBEDTLS_PRIVATE(grp).MBEDTLS_PRIVATE(pbits) ); + mbedtls_printf( " ok (key size: %d bits)\n", (int) ctx_sign.MBEDTLS_PRIVATE(grp).pbits ); dump_pubkey( " + Public key: ", &ctx_sign ); diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 9ad1190fc7..941553012e 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -395,7 +395,7 @@ int main( int argc, char *argv[] ) { mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key ); mbedtls_printf( "curve: %s\n", - mbedtls_ecp_curve_info_from_grp_id( ecp->MBEDTLS_PRIVATE(grp).MBEDTLS_PRIVATE(id) )->MBEDTLS_PRIVATE(name) ); + mbedtls_ecp_curve_info_from_grp_id( ecp->MBEDTLS_PRIVATE(grp).id )->MBEDTLS_PRIVATE(name) ); mbedtls_mpi_write_file( "X_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL ); mbedtls_mpi_write_file( "Y_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL ); mbedtls_mpi_write_file( "D: ", &ecp->MBEDTLS_PRIVATE(d) , 16, NULL ); From ad7f53cdb35644304350b077a9ac11e5ec588036 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 31 May 2021 21:20:30 +0200 Subject: [PATCH 19/26] Define public fields of mbedtls_ecp_group in alt test header And don't define configuration macros that only apply to the built-in implementation. Signed-off-by: Gilles Peskine --- tests/include/alt-dummy/ecp_alt.h | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/tests/include/alt-dummy/ecp_alt.h b/tests/include/alt-dummy/ecp_alt.h index 3628bb3da1..d263871c48 100644 --- a/tests/include/alt-dummy/ecp_alt.h +++ b/tests/include/alt-dummy/ecp_alt.h @@ -21,19 +21,15 @@ typedef struct mbedtls_ecp_group { - int dummy; + const mbedtls_ecp_group_id id; + const mbedtls_mpi P; + const mbedtls_mpi A; + const mbedtls_mpi B; + const mbedtls_ecp_point G; + const mbedtls_mpi N; + const size_t pbits; + const size_t nbits; } mbedtls_ecp_group; -#if !defined(MBEDTLS_ECP_WINDOW_SIZE) - -#define MBEDTLS_ECP_WINDOW_SIZE 6 -#endif - -#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM) - -#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 -#endif - - #endif /* ecp_alt.h */ From 5c3f18d37cc46b102218f2857a7db694aee76f43 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 31 May 2021 21:21:12 +0200 Subject: [PATCH 20/26] MBEDTLS_PK_PARSE_EC_EXTENDED is incompatible with MBEDTLS_ECP_ALT ... unless the alt implementation defines a group structure that's mostly compatible with the built-in one and supports partially filled group structures in the same way. It would be possible to rewrite the SpecifiedECDomain parsing code to avoid requiring support for partially filled group structures, but that's too complicated to do now. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 53b4e250e8..6f1f9c31ce 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1376,6 +1376,9 @@ component_build_module_alt () { scripts/config.py unset MBEDTLS_DEBUG_C # You can only have one threading implementation: alt or pthread, not both. scripts/config.py unset MBEDTLS_THREADING_PTHREAD + # The SpecifiedECDomain parsing code accesses mbedtls_ecp_group fields + # directly and assumes the implementation works with partial groups. + scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED # Enable all MBEDTLS_XXX_ALT for whole modules. Do not enable # MBEDTLS_XXX_YYY_ALT which are for single functions. scripts/config.py set-all 'MBEDTLS_([A-Z0-9]*|NIST_KW)_ALT' From 1628a9c1405eb69f5abd6e1a91d25d76a9da68fe Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 31 May 2021 22:09:58 +0200 Subject: [PATCH 21/26] MBEDTLS_DEBUG_C is compatible with every whole-module ALT except DHM It would be possible to make SSL debugging compatible with MBEDTLS_DHM_ALT, but too much low-priority work right now, so don't require it. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 6f1f9c31ce..1423099571 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1371,9 +1371,6 @@ component_build_module_alt () { # aesni.c and padlock.c reference mbedtls_aes_context fields directly. scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_PADLOCK_C - # The debug code accesses DHM context fields directly, so it is - # incompatible with MBEDTLS_DHM_ALT. - scripts/config.py unset MBEDTLS_DEBUG_C # You can only have one threading implementation: alt or pthread, not both. scripts/config.py unset MBEDTLS_THREADING_PTHREAD # The SpecifiedECDomain parsing code accesses mbedtls_ecp_group fields @@ -1382,6 +1379,18 @@ component_build_module_alt () { # Enable all MBEDTLS_XXX_ALT for whole modules. Do not enable # MBEDTLS_XXX_YYY_ALT which are for single functions. scripts/config.py set-all 'MBEDTLS_([A-Z0-9]*|NIST_KW)_ALT' + scripts/config.py unset MBEDTLS_DHM_ALT #incompatible with MBEDTLS_DEBUG_C + # We can only compile, not link, since we don't have any implementations + # suitable for testing with the dummy alt headers. + make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib +} + +component_build_dhm_alt () { + msg "build: MBEDTLS_DHM_ALT" # ~30s + scripts/config.py full + scripts/config.py set MBEDTLS_DHM_ALT + # debug.c currently references mbedtls_dhm_context fields directly. + scripts/config.py unset MBEDTLS_DEBUG_C # We can only compile, not link, since we don't have any implementations # suitable for testing with the dummy alt headers. make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib From f35c42bdb9c1f4aced727d52534552a8f9f5ce68 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 31 May 2021 23:30:01 +0200 Subject: [PATCH 22/26] Document the remaining constraints on ALT context types Signed-off-by: Gilles Peskine --- ChangeLog.d/alt-context-relaxation.txt | 6 ++++++ docs/architecture/alternative-implementations.md | 11 +++++++++++ 2 files changed, 17 insertions(+) create mode 100644 ChangeLog.d/alt-context-relaxation.txt diff --git a/ChangeLog.d/alt-context-relaxation.txt b/ChangeLog.d/alt-context-relaxation.txt new file mode 100644 index 0000000000..10fd476192 --- /dev/null +++ b/ChangeLog.d/alt-context-relaxation.txt @@ -0,0 +1,6 @@ +Features + * Alternative implementations of the AES, DHM, ECJPAKE, ECP, RSA and timing + modules had undocumented constraints on their context types. These + constraints have been relaxed. + See docs/architecture/alternative-implementations.md for the remaining + constraints. diff --git a/docs/architecture/alternative-implementations.md b/docs/architecture/alternative-implementations.md index 7b8b65ef34..4c4a2ad1b3 100644 --- a/docs/architecture/alternative-implementations.md +++ b/docs/architecture/alternative-implementations.md @@ -40,6 +40,17 @@ The general principle of an alternative implementation is: See https://tls.mbed.org/kb/development/hw_acc_guidelines for a more detailed guide. +### Constraints on context types + +Generally, alternative implementations can define their context types to any C type except incomplete and array types (although they would normally be `struct` types). This section lists some known limitations where the context type needs to be a structure with certain fields. + +Where a context type needs to have a certain field, the field must have the same type and semantics as in the built-in implementation, but does not need to be at the same position in the structure. Furthermore, unless otherwise indicated, only read access is necessary: the field can be `const`, and modifications to it do not need to be supported. For example, if an alternative implementation of asymmetric cryptography uses a different representation of large integers, it is sufficient to provide a read-only copy of the fields listed here of type `mbedtls_mpi`. + +* AES: if `MBEDTLS_AESNI_C` or `MBEDTLS_PADLOCK_C` is enabled, `mbedtls_aes_context` must have the fields `nr` and `rk`. +* DHM: if `MBEDTLS_DEBUG_C` is enabled, `mbedtls_dhm_context` must have the fields `P`, `Q`, `G`, `GX`, `GY` and `K`. +* ECP: `mbedtls_ecp_group` must have the fields `id`, `P`, `A`, `B`, `G`, `N`, `pbits` and `nbits`. + * If `MBEDTLS_PK_PARSE_EC_EXTENDED` is enabled, those fields must be writable, and `mbedtls_ecp_point_read_binary()` must support a group structure where only `P`, `pbits`, `A` and `B` are set. + ## Function alternative implementations In some cases, it is possible to replace a single function or a small set of functions instead of [providing an alternative implementation of the whole module](#module-alternative-implementations). From a71db94c66b1be240e4b8af58fd4466ddc3b827b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 1 Jun 2021 21:30:51 +0200 Subject: [PATCH 23/26] Document that contexts must be movable Fix #4451. Signed-off-by: Gilles Peskine --- docs/architecture/alternative-implementations.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docs/architecture/alternative-implementations.md b/docs/architecture/alternative-implementations.md index 4c4a2ad1b3..bd8450553b 100644 --- a/docs/architecture/alternative-implementations.md +++ b/docs/architecture/alternative-implementations.md @@ -51,6 +51,18 @@ Where a context type needs to have a certain field, the field must have the same * ECP: `mbedtls_ecp_group` must have the fields `id`, `P`, `A`, `B`, `G`, `N`, `pbits` and `nbits`. * If `MBEDTLS_PK_PARSE_EC_EXTENDED` is enabled, those fields must be writable, and `mbedtls_ecp_point_read_binary()` must support a group structure where only `P`, `pbits`, `A` and `B` are set. +It must be possible to move a context object in memory (except during the execution of a library function that takes this context as an argument). (This is necessary, for example, to support applications that populate a context on the stack of an inner function and then copy the context upwards through the call chain, or applications written in a language with automatic memory management that can move objects on the heap.) That is, call sequences like the following must work: +``` +mbedtls_xxx_context ctx1, ctx2; +mbedtls_xxx_init(&ctx1); +mbedtls_xxx_setup(&ctx1, …); +ctx2 = ctx1; +memset(&ctx1, 0, sizeof(ctx1)); +mbedtls_xxx_do_stuff(&ctx2, …); +mbedtls_xxx_free(&ctx2); +``` +In practice, this means that a pointer to a context or to a part of a context does not remain valid across function calls. Alternative implementations do not need to support copying of contexts: contexts can only be cloned through explicit `clone()` functions. + ## Function alternative implementations In some cases, it is possible to replace a single function or a small set of functions instead of [providing an alternative implementation of the whole module](#module-alternative-implementations). From bf26bef157773ed9ce7913629b6c0f6daaf94c5b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 7 Jun 2021 20:15:31 +0200 Subject: [PATCH 24/26] Discuss the durability of PSA drivers vs ALT when introducing them Signed-off-by: Gilles Peskine --- docs/architecture/alternative-implementations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/architecture/alternative-implementations.md b/docs/architecture/alternative-implementations.md index bd8450553b..eadb61b4ca 100644 --- a/docs/architecture/alternative-implementations.md +++ b/docs/architecture/alternative-implementations.md @@ -21,7 +21,7 @@ To configure entropy sources (hardware random generators), see the `MBEDTLS_ENTR For networking, the `net_sockets` module does not currently support alternative implementations. If this module does not work on your platform, disable `MBEDTLS_NET_C` and use custom functions for TLS. -If your platform has a cryptographic accelerator, you can use it via a [PSA driver](#psa-cryptography-drivers) or an [declare an alternative implementation of the corresponding module(s)](#module-alternative-implementations) or [specific functions](#function-alternative-implementations). +If your platform has a cryptographic accelerator, you can use it via a [PSA driver](#psa-cryptography-drivers) or declare an [alternative implementation of the corresponding module(s)](#module-alternative-implementations) or [of specific functions](#function-alternative-implementations). PSA drivers will ultimately replace the alternative implementation mechanism, but alternative implementation will remain supported in at least all Mbed TLS versions of the form 3.x. The interface of PSA drivers is currently still experimental and subject to change. ## PSA cryptography drivers From cadd3d860ee5fba1e380200d2866f75843fc3579 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 7 Jun 2021 20:15:55 +0200 Subject: [PATCH 25/26] Give examples of PLATFORM_XXX_ALT Signed-off-by: Gilles Peskine --- docs/architecture/alternative-implementations.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/architecture/alternative-implementations.md b/docs/architecture/alternative-implementations.md index eadb61b4ca..7fe6332b47 100644 --- a/docs/architecture/alternative-implementations.md +++ b/docs/architecture/alternative-implementations.md @@ -84,6 +84,8 @@ Several platform functions can be reconfigured dynamically by following the proc * Define the symbol `MBEDTLS_PLATFORM_XXX_ALT` at compile time. * During the initialization of your application, set the global variable `mbedtls_xxx` to an alternative implementation of `xxx()`. +For example, to provide a custom `printf` function at run time, enable `MBEDTLS_PLATFORM_PRINTF_ALT` at compile time and assign to `mbedtls_printf` during the initialization of your application. + Merely enabling `MBEDTLS_PLATFORM_XXX_ALT` does not change the behavior: by default, `mbedtls_xxx` points to the standard function `xxx`. -Note that there are variations on the naming pattern. Consult the documentation of individual configuration options and of the platform module for details. +Note that there are variations on the naming pattern. For example, some configurable functions are activated in pairs, such as `mbedtls_calloc` and `mbedtls_free` via `MBEDTLS_PLATFORM_MEMORY`. Consult the documentation of individual configuration options and of the platform module for details. From e5702489f503f1fc26debc846cb3f4c0ab0b5b66 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 11 Jun 2021 21:59:08 +0200 Subject: [PATCH 26/26] mbedtls_dhm_get_value parameter order: context first, output last mbedtls_dhm_get_value can be seen as either a copy function or a getter function. Given the name and the semantics, it's more of a getter, even if it "gets" by doing a copy. Therefore, put the context first, and the selector next, leaving the output for last. Signed-off-by: Gilles Peskine --- include/mbedtls/dhm.h | 10 +++++----- library/dhm.c | 6 +++--- library/ssl_tls.c | 8 ++++---- tests/suites/test_suite_dhm.function | 2 +- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 6c319f8047..e8c8a82f50 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -315,18 +315,18 @@ size_t mbedtls_dhm_get_len( const mbedtls_dhm_context *ctx ); /** * \brief This function copies a parameter of a DHM key. * - * \param dest The MPI object to copy the value into. It must be - * initialized. * \param ctx The DHM context to query. * \param param The parameter to copy. + * \param dest The MPI object to copy the value into. It must be + * initialized. * * \return \c 0 on success. * \return #MBEDTLS_ERR_DHM_BAD_INPUT_DATA if \p field is invalid. * \return An \c MBEDTLS_ERR_MPI_XXX error code if the copy fails. */ -int mbedtls_dhm_get_value( mbedtls_mpi *dest, - const mbedtls_dhm_context *ctx, - mbedtls_dhm_parameter param ); +int mbedtls_dhm_get_value( const mbedtls_dhm_context *ctx, + mbedtls_dhm_parameter param, + mbedtls_mpi *dest ); /** * \brief This function frees and clears the components diff --git a/library/dhm.c b/library/dhm.c index cb9299faba..e88f3a2c73 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -134,9 +134,9 @@ size_t mbedtls_dhm_get_len( const mbedtls_dhm_context *ctx ) return( mbedtls_mpi_size( &ctx->P ) ); } -int mbedtls_dhm_get_value( mbedtls_mpi *dest, - const mbedtls_dhm_context *ctx, - mbedtls_dhm_parameter param ) +int mbedtls_dhm_get_value( const mbedtls_dhm_context *ctx, + mbedtls_dhm_parameter param, + mbedtls_mpi *dest ) { const mbedtls_mpi *src = NULL; switch( param ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index bef686403d..560597dec7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3871,10 +3871,10 @@ int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_dhm_get_value( &conf->dhm_P, dhm_ctx, - MBEDTLS_DHM_PARAM_P ) ) != 0 || - ( ret = mbedtls_dhm_get_value( &conf->dhm_G, dhm_ctx, - MBEDTLS_DHM_PARAM_G ) ) != 0 ) + if( ( ret = mbedtls_dhm_get_value( dhm_ctx, MBEDTLS_DHM_PARAM_P, + &conf->dhm_P ) ) != 0 || + ( ret = mbedtls_dhm_get_value( dhm_ctx, MBEDTLS_DHM_PARAM_G, + &conf->dhm_G ) ) != 0 ) { mbedtls_mpi_free( &conf->dhm_P ); mbedtls_mpi_free( &conf->dhm_G ); diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function index d48c4e38e6..62e634a7f7 100644 --- a/tests/suites/test_suite_dhm.function +++ b/tests/suites/test_suite_dhm.function @@ -9,7 +9,7 @@ int check_get_value( const mbedtls_dhm_context *ctx, int ok = 0; mbedtls_mpi_init( &actual ); - TEST_ASSERT( mbedtls_dhm_get_value( &actual, ctx, param ) == 0 ); + TEST_ASSERT( mbedtls_dhm_get_value( ctx, param, &actual ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &actual, expected ) == 0 ); ok = 1;